How to scan individual file or folder

Recommended Posts

If I right-click the file I'd like to scan, there is no "Scan with MWB" option. There used to be. Is it gone for good? Is there a setting that I might change to get the "Scan" option back into the context menu? Running Windows 10.

Once the file is downloaded, open your Downloads folder/location of the downloaded file

Double-click mb-support-X.X.X.XXXX.exe to run the program

You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.

Place a checkmark next to Accept License Agreement and click Next

You will be presented with a page stating, "Get Started!"

Click the Advanced tab on the left column

Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

Click "Reveal Hidden Contents" below for details on how to attach a file:

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

Share this post

Link to post

Share on other sites

Be aware the file you appear to be scanning looks like a picture. MB does not scan pictures.

This is true, however it will check to verify that it is an actual image/non-executable file which is quite useful for checking attachments and the like to ensure they aren't Trojans posing as other file types. That said, the Exploit Protection and other real-time protection features in the Premium version are significantly more useful for dealing with non-executable malware (such as an image or document file that uses malicious scripting/exploits to infect the system/drop malware on the system; something the scan engine is incapable of detecting).

However the file can be manipulated such as a PE binary appended to the graphic or mathematically added ( Example: XOR ) or can be a case of steganography. I recently looked at a Chinese data stealing trojan that downloaded assistive modules, from BAIDU, that were supposedly a JPEG ( identified by the string JFIF in the binary header ) but further into the binary was appended a PE executable. It was that Chinese data stealing trojan that would strip off the JPEG from the PE contents. Thus allowing the add-on malware modules to "hide in plain sight".

MBAM will only look at the first two characters and see if it is marked by 'MZ' and if it isn't, it will pass scrutiny even if at a given Offset there is an appended PE binary. Off course in that state the modified graphic is safe and will not "self execute" and will require a secondary program or script to extract the PE binary.